June 2020 Product Release
Future Changes to How We Report Some Network Security Findings
As we continually improve our scan engine and the ways we report findings, we also collaborate with customers who provide valuable feedback on how we report certain findings to ensure that we can provide the best possible information, tied to the highest accuracy we can achieve. We also want to ensure we remove all possible confusion from findings and how we find them.
Based on feedback from a large number of customers, we are working towards refactoring the way we report the port number for what we term Implied Vulnerabilities: cases where we may not be able to authenticate with the Operating System, but can use other information gathered to make accurate assumptions.
For example, if we enumerated the version of Windows based on another service (HTTP, SNMP, etc.), we would, by default, report the finding as TCP 445, because that is how you would find it on Windows, or as TCP 22 for Linux. The problem has been that this port may not be available, so we had the potential to cause confusion if we reported findings on TCP 445 but that port was not seen in the port scan phase.
To overcome this confusion, we are changing this from reporting the assumed port number to instead read Generic.
We are working towards ensuring that this change has as little impact on your current workflows as possible, and on how we can ensure the continuation of Accepted Risks and False Positives across this change. Further updates will be provided during the completion of this change.
Update to the Database Integration Library
We have upgraded the libraries used for integrating with MySQL when used within the Event Notifications. We now support MySQL versions 5.6, 5.7 and 8.0.
If you are using the integration into MySQL, please ensure that you are using one of the supported versions.
- Released Container inspection as a beta.
Container inspection allows you to check for vulnerabilities in the containers themselves. It works by connecting to the private registry, downloading all the containers and analysing them. This is currently available as an invitation-only beta. If you want to be considered for the beta, please ask your sales representative for access.
- Added a top 10 trending global vulnerabilities list based on the Farsight risk score to the dashboard as a proof of concept (note: a Farsight license is not required to see this list). The Dashboard is currently considered beta. If you would like to be considered for the beta, please ask your sales representative for access.
- Implemented a new encryption service to improve performance on encryption tasks. This service introduces two new API endpoints (see below).
- Introduced two new API endpoints to support the new encryption service.
Bug Fixes and Minor Improvements
- Improved detection of AWS regions such as China and GovCloud East & West.
- Fixed a bug in scheduled reports that would prevent the generate button from being presented.
- Fixed an issue in Cloudsec causing impacts, notes and references to be displayed despite being empty.
- Fixed a bug in the scheduled reports date picker preventing OK and cancel being presented on screen without scrolling.
- Fixed an issue that was resulting in duplicate findings being reported instead of deduping them.
- Fixed an issue that, in rare circumstances, could cause an out of memory error when scanning SMB ports.
- Fixed a bug that caused the scan engine to always scan SMB 445 even if it was not available.
- Fixed a bug that was preventing discovery scans completing successfully.
- Fixed a bug tied to the discovery scan issue, that was preventing reports from being generated.
- Fixed a bug that was preventing the Windows Agent generating a valid GUID in certain circumstances.
- Fixed a bug preventing a HIAB schedule from talking to a HIAB Scanner under specific enrollment conditions.
- Fixed an issue preventing findings appearing in reports when the maintenance plan is enabled on HIAB.
- Fixed an issue preventing findings being available when applying filters on target groups.
- Fixed an issue resulting in findings being displayed twice under certain circumstances.
- Fixed an issue requiring a distinguished name when fetching LDAP groups.
- Made improvements to service enumeration.
- Made improvements to authenticated user enumeration.
- Added detection for Adobe Bridge.
- Added detection for Arista EOS.
- Improved scan scheduling for agents when added to existing groups.
- Improved error handling when specific modules with no results are encountered.
- Improved registry output from agent during Scan.
- Fixed a bug causing the agent to assume the Administrator account was always 'Administrator'.
- Fixed a bug causing an incorrect call home frequency to be displayed when viewing agents in list mode.
- Removed some options from agent target that were not applicable.
- Fixed a bug causing error messages when attempting to edit the agent host.
- Fixed a bug preventing the correct GUID being created for some agent deployments.
- Fixed a bug that, under specific circumstances, could cause a database lock.
- Fixed a bug preventing the Thycotic integration working correctly in some instances.
- Fixed a bug with the ServiceNow module causing errors with basic authentication under certain conditions.
- Fixed a bug preventing the API taking into consideration port redirects on a HIAB when building URL redirects.
MSSP OUTSCAN Platform
- Fixed a bug preventing MSSP agents from managing terms templates and terms for subscriptions offered.
End of Life Announcement
Elastic Workload Protector (EWP)
- Official End of Life date: 31st September 2020
- Official End of Support date: 31st December 2020